DSXchange: DataStage and IBM Websphere Data Integration Forum
View next topic
View previous topic
Add To Favorites
Author Message
Criaz91
Participant



Joined: 09 Nov 2017
Posts: 3

Points: 56

Post Posted: Thu Nov 09, 2017 7:19 am Reply with quote    Back to top    

DataStage® Release: 11x
Job Type: Parallel
OS: Windows
Additional info: Hierarchical stag doesn't appear to be working with TLSv1.2.
Hi

When I click on "Edit assembly" button in Hierarchical Data stage then I get the following error message on engine tier:

---------------------------------------------------------------------------------------------------------------------------------

Code:
[10/18/17 13:24:29:428 GMT] 0003a4b2 SSLHandshakeE E   SSLC0008E: Unable to initialize SSL connection.  Unauthorized access was denied or security settings have expired.  Exception is javax.net.ssl.SSLHandshakeException: Client requested protocol TLSv1 not enabled or not supported
   at com.ibm.jsse2.ab.y(ab.java:439)
   at com.ibm.jsse2.nc.b(nc.java:227)
   at com.ibm.jsse2.nc.c(nc.java:339)
   at com.ibm.jsse2.nc.wrap(nc.java:256)
   at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:25)
   at com.ibm.ws.ssl.channel.impl.SSLUtils.handleHandshake(SSLUtils.java:744)
   at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.readyInbound(SSLConnectionLink.java:565)
   at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.ready(SSLConnectionLink.java:294)
   at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
   at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
   at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:175)
   at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
   at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
   at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
   at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
   at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
   at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
   at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1862)
Caused by: javax.net.ssl.SSLHandshakeException: Client requested protocol TLSv1 not enabled or not supported
   at com.ibm.jsse2.j.a(j.java:24)
   at com.ibm.jsse2.nc.a(nc.java:132)
   at com.ibm.jsse2.ab.a(ab.java:130)
   at com.ibm.jsse2.ab.a(ab.java:207)
   at com.ibm.jsse2.cb.a(cb.java:657)
   at com.ibm.jsse2.cb.a(cb.java:625)
   at com.ibm.jsse2.ab.r(ab.java:528)
   at com.ibm.jsse2.ab$1.a(ab$1.java:2)
   at com.ibm.jsse2.ab$1.run(ab$1.java:1)
   at java.security.AccessController.doPrivileged(AccessController.java:366)
   at com.ibm.jsse2.ab$c_.run(ab$c_.java:11)
   at com.ibm.ws.ssl.channel.impl.SSLUtils.handleHandshake(SSLUtils.java:831)
   ... 12 more

.
---------------------------------------------------------------------------------------------------------------------------------

Protocol TLSv1 is disabled on our engine tier (WAS 8.5.5.1 & Infospehere Information Server 11.3.1.2), only TLSv1.2 is allowed (engine tier is installed on SUSE linux).
I get above mentioned error message on Client tier (IIS 11.3.1.2) in Datastage Designer, what is installed on Windows Server 2012. We're using on both tier java version "1.7.0".

Somebody have any idea how to force DataStage client to use only TLSv1.2? I already tried to add "Dcom.ibm.jsse2.overrideDefaultTLS=true -Dcom.ibm.jsse2.overrideDefaultProtocol=TLSv12" in Hierarchical Data stage JVM optional arguments, but it didn't work for me.

Any assistance would be appreciated, thank you in advance.
qt_ky



Group memberships:
Premium Members

Joined: 03 Aug 2011
Posts: 2653
Location: USA
Points: 19683

Post Posted: Thu Nov 09, 2017 7:41 am Reply with quote    Back to top    

Try checking the settings and the APAR mentioned in this tech note:

http://www-01.ibm.com/support/docview.wss?uid=swg21699845

_________________
Choose a job you love, and you will never have to work a day in your life. - Confucius
Rate this response:  
Not yet rated
Criaz91
Participant



Joined: 09 Nov 2017
Posts: 3

Points: 56

Post Posted: Thu Nov 09, 2017 7:57 am Reply with quote    Back to top    

Hi, APAR JR52781 is included in "IBM InfoSphere Information Server, Version 11.3.1.2" what we have currently installed, and I did every steps on that page before I posted my question here and it didn't help.
Rate this response:  
Not yet rated
qt_ky



Group memberships:
Premium Members

Joined: 03 Aug 2011
Posts: 2653
Location: USA
Points: 19683

Post Posted: Thu Nov 09, 2017 10:45 am Reply with quote    Back to top    

Would have been nice to know that... Have you tried working with Support?

_________________
Choose a job you love, and you will never have to work a day in your life. - Confucius
Rate this response:  
Not yet rated
Criaz91
Participant



Joined: 09 Nov 2017
Posts: 3

Points: 56

Post Posted: Tue Nov 14, 2017 7:03 am Reply with quote    Back to top    

yes, today I contacted support regarding this issue.
Rate this response:  
Not yet rated
skathaitrooney
Participant



Joined: 06 Jan 2015
Posts: 80

Points: 703

Post Posted: Thu Nov 16, 2017 4:26 am Reply with quote    Back to top    

Did you manage to resolve it ?
Rate this response:  
Not yet rated
Display posts from previous:       

Add To Favorites
View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



Powered by phpBB © 2001, 2002 phpBB Group
Theme & Graphics by Daz :: Portal by Smartor
All times are GMT - 6 Hours